I'm fairly confident that this is related to my recent posts about SESSION and iFrame. I'm just not sure how to fix it.
I have been working for several months on this project; but I only recently discovered that there are differences in CFAdmin between our dev and production environments. Production is much more restrictive.
SO.. I bit the bullet, and set J2EE sessions to enabled; I set setDomainCookies to 'yes'; and enabled "Use UUID for cftoken" (that is what we have in production.)
Suddenly, the forms that I've been working on for months (that submit form data via jQuery AJaX) are breaking. All of them. FireBug says that "JSESSIONID has changed". Well, duh, that's supposed to be a security feature.
Is there a way to submit form data via AJaX without undoing any of the settings I outlined, above?
Do you do some form or checking when you submit forms?
I use forms via ajax with these settings in place and have no problems at all.
The settings you mention have been in place on our setup for a long time and never get any issues related to the things you have mentioned.
I am using both client-side and server-side form validation. Part of that validation is a math "captcha". When the parent document loads, it sets many session variables, one of which is the numeric answer to a worded math question.
On the form, the last form element is the worded math question, with an input for the user to enter a digit-only response. This response is passed to the CFC that processes the form data. The CFC is not seeing the session variable that contains the answer.